Re: How can two services run under same user context?
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/22/04
- Next message: Roger Abell: "Re: Service ID Administration"
- Previous message: bruce: "Re: Help allowing Print Operators onto a domain controller"
- In reply to: Peter Steele: "Re: How can two services run under same user context?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Dec 2004 18:38:49 -0700
I believe that you would need to write the code in the service
so that you could signal it and receive the information in its
response, and, depending on how you do that you may have to
config the service to be allowed to interact with the desktop
which in general is not a preferred config for a service.
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA "Peter Steele" <psteele@z-force.com> wrote in message news:OnBH$c35EHA.1632@tk2msftngp13.phx.gbl... > One final question: > > Is there anyway to see the mounts a service has made from an interactive > session? I don't mean to use them but just to get the list in the same way > as I would do with "net use". > > "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message > news:%23P6a1nu5EHA.3236@TK2MSFTNGP15.phx.gbl... > > Environment variables obey different rules. > > When you ran the two interactively within a single login, > > it is the logged in context that acquired the mapping when > > one of the process mapped the drive - hence the interactive > > login and the other "service" could see the mapping. > > Environment variable work such that a child cmd gets its > > parents variable space, and can add its own values (which > > the parent does not get, but any child cmd will). > > > > -- > > Roger Abell > > Microsoft MVP (Windows Server System: Security) > > MCDBA, MCSE W2k3+W2k+Nt4 > > "Peter Steele" <psteele@z-force.com> wrote in message > > news:OiRdOdu5EHA.3124@TK2MSFTNGP11.phx.gbl... > >>I understand what you are saying, but if I open two command shells from my > >>interactive session and define new environment variables in one of the > >>sessions, these new environment variables are not available in the other > >>command shell. However, if I do a "net use x: ..." command, the drive that > >>is mounted is available to both. This is what puzzles me. If the command > >>shells share the same process space, shouldn't the environment variables > >>be available to both and not just the drive mappings? > >> > >> "Bob McCoy [MSFT]" <bobmccoy@online.microsoft.com> wrote in message > >> news:eMs5BGs5EHA.1404@TK2MSFTNGP11.phx.gbl... > >>> Roger said it most eloquently when he said, "It is not a sharing of > >>> security context (aka same account) that is > >>> important here but that they share the same process/job space." It's > >>> not the particular process, but the process space. In the case of when > >>> you "launch the processes as normal applications" they do share the same > >>> process space. Think of it this way -- the apps that you are running > >>> are child processes of your interactive session where the environmental > >>> variables such as mapped drives are shared information and available to > >>> all processes in that space. > >>> > >>> -- > >>> Bob McCoy > >>> * This posting is provided "AS IS" with no warranties, and confers no > >>> rights. > >>> * Please note I cannot respond to email questions. Please use these > >>> newsgroups. > >>> > >>> "Peter Steele" <psteele@z-force.com> wrote in message > >>> news:uBNUPCr5EHA.828@TK2MSFTNGP14.phx.gbl... > >>>> Okay, I understand this now. What I'm puzzled about is why this fails > >>>> when the processes are launched as services but it works when the > >>>> processes run as normal applications. More specifically, if I have a > >>>> service running under user admin and map a network drive, my other > >>>> service *does not* have access to that drive, as the article I found > >>>> explains. If on the other hand I launch the processes as normal > >>>> applications instead of services while logged in as user admin, when > >>>> one process maps a drive the other process *does* have access to it, > >>>> even though it is not a child of the process that maps the drive. In > >>>> fact, my interactive session also has access to the mapped drive. > >>>> What's the explanation for this? Do all these processes share the same > >>>> process space when launched interactively in this manner? > >>>> > >>>> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message > >>>> news:e$UCpwL5EHA.208@TK2MSFTNGP12.phx.gbl... > >>>>> It is not a sharing of security context (aka same account) that is > >>>>> important here but that they share the same process/job space. > >>>>> One service would need to have spawned off the other for this. > >>>>> (or share access to the same share as per separate mappings > >>>>> by each service as you have indicated). > >>>>> -- > >>>>> Roger Abell > >>>>> Microsoft MVP (Windows Server System: Security) > >>>>> MCDBA, MCSE W2k3+W2k+Nt4 > >>>>> "Peter Steele" <psteele@z-force.com> wrote in message > >>>>> news:uq34dfI5EHA.2580@TK2MSFTNGP10.phx.gbl... > >>>>>>A better subject would have been "How can two services access the same > >>>>>>network drive?". This problem is described here: > >>>>>> > >>>>>> http://support.microsoft.com/kb/149984/EN-US/ > >>>>>> > >>>>>> and unless something has changed since Windows NT, it would appear > >>>>>> that I cannot do what I want to do unless I explicitly authenticate > >>>>>> the network connections in each service. Not the answer I was hoping > >>>>>> for... > >>>>>> > >>>>>> "Peter Steele" <psteele@z-force.com> wrote in message > >>>>>> news:O$EuE8G5EHA.1564@TK2MSFTNGP09.phx.gbl... > >>>>>>>I have two services, both configured to run under the user 'admin'. > >>>>>>>One service mounts a network drive and maps it to drive Z. After > >>>>>>>doing this, the second service cannot access this drive, even though > >>>>>>>both are configured to run under the same account. Is there a way to > >>>>>>>have both services share the same security context so that both > >>>>>>>services have access to the network mounts the other establishes? > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> > >>>>>> > >>>>> > >>>>> > >>>> > >>>> > >>> > >>> > >> > >> > > > > > >
- Next message: Roger Abell: "Re: Service ID Administration"
- Previous message: bruce: "Re: Help allowing Print Operators onto a domain controller"
- In reply to: Peter Steele: "Re: How can two services run under same user context?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
